summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2012-03-04s3-auth: Remove security=share (depricated since 3.6).Andrew Bartlett18-827/+67
This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04s3:smbd/globals.h: remove unused pollfd pointerStefan Metzmacher1-6/+0
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sun Mar 4 23:18:10 CET 2012 on sn-devel-104
2012-03-04s3: Fix some && vs & warningsVolker Lendecke1-3/+3
Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Sun Mar 4 13:31:25 CET 2012 on sn-devel-104
2012-03-04s3-winbindd: Add stdin handler for winbindAndrew Bartlett2-3/+48
This will help avoid runaway processes in the test env, particularly when the whole selftest.pl is killed. Andrew Bartlett
2012-03-04s3-nmbd: Add stdin handler for nmbdAndrew Bartlett1-0/+33
This will help avoid runaway processes in the test env, particularly when the whole selftest.pl is killed. Andrew Bartlett
2012-03-04change low FDs are handled in SambaAndrew Bartlett4-19/+2
We now only close fds 0, 1, 2 when we are a forked daemon, and take care not to close a file descriptor that we might need for foreground stdin monitoring. This should fix stdout logging in the lsa and epmapper deamons (ie in make test). Andrew Bartlett
2012-03-04s3: don't replace the error message if already definedMatthieu Patou1-3/+5
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sun Mar 4 10:13:24 CET 2012 on sn-devel-104
2012-03-04s3: print a nice warning when HAVE_ADS is not enabled but you still try to ↵Matthieu Patou1-0/+5
do net rpc keytab vampire
2012-03-03s3: Fix a bogus if (client_len < 0)Volker Lendecke1-1/+1
On some platforms socklen_t might be unsigned, so comparing for <0 always returns true. Also, tsocket_address_bsd_sockaddr returns ssize_t. Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Sat Mar 3 23:38:31 CET 2012 on sn-devel-104
2012-03-03s3:libsmb: pass smb2 capabilities and client guid in cli_state_create()Stefan Metzmacher1-2/+7
metze Signed-off-by: Michael Adam <obnox@samba.org>
2012-03-03smbXcli: add the possiblilty to negotiate client capabilites in smb >= 2.2Michael Adam1-1/+2
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2012-03-03s3:smbd:smb2_write: improve logging in the error caseMichael Adam1-4/+14
2012-03-02s3:smb2_server: use SMB2_WATCH_TREEChristian Ambach1-1/+1
it makes the code easier to understand if it uses the names specified in MS-SMB2 instead of just the underlying values
2012-03-02s3:smb2_server fix a typoChristian Ambach1-1/+1
2012-03-03s3: Fix some blank line endingsVolker Lendecke1-5/+5
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Sat Mar 3 03:41:03 CET 2012 on sn-devel-104
2012-03-02s3: Test for statfs before statfs64Volker Lendecke1-20/+20
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Fri Mar 2 12:04:35 CET 2012 on sn-devel-104
2012-03-02s3: Further fix for bug 8777Brad Smith3-12/+35
2012-03-02s3: Enable statvfs usage on NetBSDVolker Lendecke1-30/+30
linux_statvfs is pretty much what you use when you have susv4. No real code change, this moves linux_statvfs to the bottom of the (LINUX) to #ifdef (STAT_STAVFS).
2012-03-02s3:rpc_server: initialize struct schannel_state to zeroStefan Metzmacher1-2/+1
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Mar 2 08:48:23 CET 2012 on sn-devel-104
2012-03-02s3:rpc_client: initialize struct schannel_state to zeroStefan Metzmacher1-2/+1
metze
2012-03-02s3-selftest: Add tests for ntlm_auth gss-spnego client and serverAndrew Bartlett3-0/+46
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Mar 2 07:05:44 CET 2012 on sn-devel-104
2012-03-02s3-rpcclient: Ensure interfaces are loaded after smb.confAndrew Bartlett1-2/+3
This ensures that the interfaces line in the smb.conf is honoured. Andrew Bartlett
2012-03-02s3-libsmb: Initialise ticket to ensure we do not invalid memoryAndrew Bartlett1-0/+1
The free is however a talloc_free(), which has additional protection against freeing the wrong thing. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Mar 2 01:45:19 CET 2012 on sn-devel-104
2012-03-01Move to talloc from malloc.Jeremy Allison1-3/+7
2012-03-01Fix mixup between talloc/malloc.Jeremy Allison1-1/+1
2012-03-01s3-selftest: make ntlm_auth test more robust to bad inputAndrew Bartlett1-2/+5
If we do not know the helper protocol, make sure to error. Andrew Bartlett
2012-03-01s3-selftest: Add more tests for ntlm_authAndrew Bartlett2-19/+79
2012-03-01s3-ntlm_auth fix up gss-spnego-client so as to work with gss-spnegoAndrew Bartlett1-16/+5
The SPNEGO code changed since this was last tested. Andrew Bartlett
2012-03-01s3-ntlm_auth: Wrap kerberos token in GSSAPIAndrew Bartlett1-2/+6
While windows will accept this ticket without the wrapping, it is nicer to follow the standard and wrap it up in GSSAPI. This should allow the ntlm_auth gss-spnego-client to talk to the ntlm_auth gss-spengo server. Reported by Christof Schmitt <christof.schmitt@us.ibm.com> Andrew Bartlett
2012-03-01s3-ntlm_auth: Add --target-service and --target-hostname optionsAndrew Bartlett1-9/+40
This will allow the gss-spnego-client protocol to work with modern SPNEGO servers that do not send the principal in the mechListMIC. Andrew Bartlett
2012-03-01build: look for backtrace_symbols in libexecAndrew Bartlett1-1/+1
2012-03-01Trivial Comment fix: Supply a missing word in a commentRichard Sharpe1-1/+1
Autobuild-User: Richard Sharpe <sharpe@samba.org> Autobuild-Date: Thu Mar 1 06:55:44 CET 2012 on sn-devel-104
2012-03-01s3: Fix "make bin/smbtorture4" in the autoconf buildVolker Lendecke1-1/+1
tdb2 support does not work with a system-supplied libtdb yet Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Thu Mar 1 05:23:57 CET 2012 on sn-devel-104
2012-03-01Add open_dir_with_privilege() to ensure we're opening the correct directory ↵Jeremy Allison5-3/+72
when doing backup requests. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Mar 1 03:50:40 CET 2012 on sn-devel-104
2012-02-29Implement FLAG_TRANS2_FIND_BACKUP_INTENT for trans2 with privileges.Jeremy Allison1-4/+46
2012-02-29Add accessor functions to set a bool "priv" on a directory handle. Not yet ↵Jeremy Allison2-0/+13
used, but will be part of FLAG_TRANS2_FIND_BACKUP_INTENT code.
2012-02-29Add the implementation of check_reduced_name_with_privilege(). Now to plumb intoJeremy Allison5-8/+177
SMB1 requests.
2012-02-29Add check_reduced_name_with_privilege(), filename_convert_with_privilege() ↵Jeremy Allison3-5/+103
(currently unimplemented) in order to prepare for adding SeBackup/SeRestore code to the main fileserver. Not yet plumbed into the main SMB1/SMB2 code.
2012-02-29s3:torture/test_smb2: test path based calls during reauth in SMB2-MULTI-CHANNELStefan Metzmacher1-3/+51
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Feb 29 07:23:14 CET 2012 on sn-devel-104
2012-02-29s3:torture/test_smb2: test handle based calls during reauth in ↵Stefan Metzmacher1-0/+18
SMB2-MULTI-CHANNEL metze
2012-02-29s3:torture/test_smb2: do a reauth over multiple channels in SMB2-MULTI-CHANNELStefan Metzmacher1-0/+100
metze
2012-02-29s3:torture/test_smb2: add a 3rd channel to SMB2-MULTI-CHANNELStefan Metzmacher1-1/+154
metze
2012-02-29s3:torture/test_smb2: expect FILE_CLOSED on invalid handles in ↵Stefan Metzmacher1-2/+4
SMB2-MULTI-CHANNEL metze
2012-02-29lib/crypto: add aes_cmac_128* (rfc 4493)Stefan Metzmacher1-1/+2
Thanks to Jeremy, Michael and Volker for the debugging! metze
2012-02-29s3: Introduce "req" helper var in reply_lockingX_successVolker Lendecke1-3/+5
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Wed Feb 29 03:08:53 CET 2012 on sn-devel-104
2012-02-29s3: Fix a const warningVolker Lendecke1-1/+1
2012-02-29s3: Add a test that makes a chained open break an oplockVolker Lendecke6-0/+299
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Wed Feb 29 01:13:03 CET 2012 on sn-devel-104
2012-02-28s3: More fix for smbd -iVolker Lendecke1-1/+1
We need a full re-initialize, otherwise we don't re-init the USR1 signal handler
2012-02-28Fix problem reported by Tom Lee <tlee2951@gmail.com> - when calculatingJeremy Allison1-3/+28
the share security mask, take priviliges into account for the connecting user. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Feb 28 20:21:26 CET 2012 on sn-devel-104
2012-02-28smbd: detect EOF on stdin in --foreground modeAndrew Tridgell1-0/+25
if EOF is detected on stdin then exit